GDPR: study highlights data protection challenges for research

The introduction of laws like the EU General Data Protection Regulation (GDPR) can complicate the operations of scientific journals and funding bodies, according an Uppsala University-led study presented at the annual conference of the European Society of Human Genetics.

The research community often requires the depositing of individual genetic data from studies into research depositories to improve data sharing. This supports the reproducibility of new findings and facilitates discoveries.

Attempts to comply with the requirements of journals and funders often clash with GDPR.

Under GDPR, participants in research studies have the right to withdraw consent for further use of their data, which includes the processing of their data in research repositories. The legislation also requires data processing to be limited to that which is necessary to fulfil a study’s objectives, ruling out the long-term retention of data for unspecified uses.

The study concluded that the inability to access such data eliminates resources that may be useful in the future, reducing research efficiency.

Uppsala University senior researcher Dr Deborah Mascalzoni said: “We need to follow along the path of open science while taking into account ethical and legal rules if we are to be able to comply with both the law and the funders’ requirements.”

GDPR has yet to be worn into the everyday work of researchers as it is still a fairly new regulation, with the Uppsala team urging journals and funding bodies to set up GDPR compliance policies within their organisations.

Mascalzoni said: “Because participant trust is so crucial to the future of research, we were surprised to find that research repositories had not already changed their modus operandi and that journals and funders had not amended their policies to account for the GDPR.”

It is currently possible for researchers to work around GDPR restrictions to some degree. While they may face legal barriers when submitting individual-level genetic data to journal repositories, they are able to share the data with reviewers, editors and other research teams on a one-on-one basis.

The Uppsala team has encouraged the introduction of exceptions and waivers to GDPR for the scientific community, so that researchers are not forced to choose between either disobeying the law or having their work excluded.

Mascalzoni said: “We hope that our work will showcase the urgency of setting up GDPR-compliant research repositories and adapting the requirements of funding bodies and journals to the GDPR. If we are to operate in an open, efficient science environment, we need to build a safe place where researchers and patients can participate knowing human rights and research are taken seriously simultaneously.”

Make an Enquiry

About

The French company Ionisos is one of the first companies in the world to have put ionising rays to good use for the sterilisation of medical devices. Originally known as Conservatome (from 1958 to 1993), Ionisos came into being in 1993 following a merger between Conservatome and Amphytrion. Ionisos now offers cold sterilisation for a range of applications.